MicrosoftDocs
diff --git a/‎defender-endpoint/evaluate-controlled-folder-access.md‎
Lines changed: 6 additions & 6 deletions b/‎defender-endpoint/evaluate-controlled-folder-access.md‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎defender-endpoint/mde-planning-guide.md‎
Lines changed: 6 additions & 4 deletions b/‎defender-endpoint/mde-planning-guide.md‎
Lines changed: 6 additions & 4 deletions
diff --git a/‎defender-endpoint/prepare-deployment.md‎
Lines changed: 9 additions & 10 deletions b/‎defender-endpoint/prepare-deployment.md‎
Lines changed: 9 additions & 10 deletions
diff --git a/‎defender-endpoint/rbac.md‎
Lines changed: 9 additions & 6 deletions b/‎defender-endpoint/rbac.md‎
Lines changed: 9 additions & 6 deletions
@@ -15,7 +15,7 @@ ms.collection:
 - tier2
 - mde-asr
 search.appverid: met150
-ms.date: 06/18/2024
+ms.date: 06/26/2024
 ---
 
 # Evaluate controlled folder access
@@ -50,12 +50,12 @@ To enable audit mode, use the following PowerShell cmdlet:
 Set-MpPreference -EnableControlledFolderAccess AuditMode
 ```
 
-> [!TIP]
-> If you want to fully audit how controlled folder access will work in your organization, use a management tool to deploy this setting to devices in your networks. You can also use Group Policy, Intune, mobile device management (MDM), or Microsoft Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders.md).
-
 > [!NOTE]
-> - If your workflow involves usage of shared network folders, enabling controlled folder access can result in significant performance reduction, particularly because of many queries to the file share server.
-> - Some types of endpoint security or asset management software inject code into every process that starts on the system. These may result in controlled folder access no longer trusting known applications like Office programs. You can see the reason for controlled folder access detections by using the MDEClientAnalyzer tool's `-cfa` argument (see [Run the client analyzer on Windows](run-analyzer-windows.md)). If you're affected, consider adding an [antivirus exclusion](configure-exclusions-microsoft-defender-antivirus.md) for the injecting process, or consult your management software vendor about signing all their binaries.
+> - To see how controlled folder access would work in your organization, use a management tool to deploy it to devices in your network. You can also use Group Policy, Intune, mobile device management (MDM), or Microsoft Configuration Manager to configure and deploy the setting, as described in [Protect important folders with controlled folder access](controlled-folders.md).
+>
+> - If your workflow involves usage of shared network folders, enabling controlled folder access can result in significant network performance reduction, if the shared network folders are accessed by an untrusted process, particularly because of many queries to the file share server. Make sure your file servers are optimized for increased network traffic, especially if you're using shared network folders for offline files.
+>
+> - Some types of endpoint security or asset management software inject code into every process that starts on the system. These may result in controlled folder access no longer trusting known applications like Office programs. You can see the reason for controlled folder access detections by using the [MDEClientAnalyzer](run-analyzer-windows.md) tool's `-cfa` argument. If you're affected, consider adding an [antivirus exclusion](configure-exclusions-microsoft-defender-antivirus.md) for the injecting process, or consult your management software vendor about signing all their binaries.
 
 ## Review controlled folder access events in Windows Event Viewer
 
 
@@ -18,7 +18,7 @@ ms.custom: admindeeplinkDEFENDER
 ms.topic: conceptual
 ms.subservice: onboard
 search.appverid: met150
-ms.date: 01/19/2024
+ms.date: 06/26/2024
 ---
 
 # Get started with your Microsoft Defender for Endpoint deployment
@@ -33,7 +33,6 @@ ms.date: 01/19/2024
 
 [!Include [defender-endpoint-setup-guide.md](../includes/mde-automated-setup-guide.md)]
 
-
 Maximize available security capabilities and better protect your enterprise from cyber threats by deploying Microsoft Defender for Endpoint and onboarding your devices. Onboarding your devices enables you to identify and stop threats quickly, prioritize risks, and evolve your defenses across operating systems and network devices.
 
 This guide provides five steps to help deploy Defender for Endpoint as your multi-platform endpoint protection solution. It helps you choose the best deployment tool, onboard devices, and configure capabilities. Each step corresponds to a separate article.
@@ -48,13 +47,16 @@ The steps to deploy Defender for Endpoint are:
 4. [Step 4 - Onboard devices](onboarding.md): Assess and onboard your devices to Defender for Endpoint.
 5. [Step 5 - Configure capabilities](onboard-configure.md): You're now ready to configure Defender for Endpoint security capabilities to protect your devices.
 
+> [!IMPORTANT]
+> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+
 ## Requirements
 
 Here's a list of prerequisites required to deploy Defender for Endpoint:
 
-- You're a global admin
+- You're a Global Administrator
 - Your environment meets the [minimum requirements](minimum-requirements.md)
-- You have a full inventory of your environment. The following table provides a starting point to gather information and ensure your environment is deeply understood by stakeholders, which helps identify potential dependencies and/or changes required in technologies or processes.
+- You have a full inventory of your environment. The following table provides a starting point to gather information and ensure that stakeholders understand your environment. The inventory helps identify potential dependencies and/or changes required in technologies or processes.
 
 |What|Description|
 |---|---|
 
@@ -16,7 +16,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: onboard
 search.appverid: met150
-ms.date: 12/18/2020
+ms.date: 06/26/2024
 ---
 
 # Assign roles and permissions for Microsoft Defender for Endpoint deployment
@@ -31,24 +31,22 @@ ms.date: 12/18/2020
 
 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
-The next step when deploying Defender for Endpoint is to assign roles and permissions for The Defender for Endpoint deployment.
+The next step when deploying Defender for Endpoint is to assign roles and permissions for the Defender for Endpoint deployment.
+
+> [!IMPORTANT]
+> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
 
 ## Role-based access control
 
 Microsoft recommends using the concept of least privileges. Defender for Endpoint leverages built-in roles within Microsoft Entra ID. Microsoft recommends [review the different roles that are available](/azure/active-directory/roles/permissions-reference) and choose the right one to solve your needs for each persona for this application. Some roles may need to be applied temporarily and removed after the deployment has been completed.
 
-<br>
-
-****
-
 |Personas|Roles|Microsoft Entra role (if necessary)|Assign to|
 |---|---|---|---|
 |Security Administrator||||
 |Security Analyst||||
 |Endpoint Administrator||||
 |Infrastructure Administrator||||
 |Business Owner/Stakeholder||||
-|
 
 Microsoft recommends using [Privileged Identity Management](/azure/active-directory/active-directory-privileged-identity-management-configure) to manage your roles to provide additional auditing, control, and access review for users with directory permissions.
 
@@ -66,11 +64,12 @@ The following example table serves to identify the Cyber Defense Operations Cent
 
 |Tier|Description|Permission Required|
 |---|---|---|
-|Tier 1|**Local security operations team / IT team** <p> This team usually triages and investigates alerts contained within their geolocation and escalates to Tier 2 in cases where an active remediation is required.||
-|Tier 2|**Regional security operations team** <p> This team can see all the devices for their region and perform remediation actions.|View data|
-|Tier 3|**Global security operations team** <p> This team consists of security experts and is authorized to see and perform all actions from the portal.|View data <p> Alerts investigation Active remediation actions <p> Alerts investigation Active remediation actions <p> Manage portal system settings <p> Manage security settings|
+|Tier 1|**Local security operations team / IT team** <br/><br/> This team usually triages and investigates alerts contained within their geolocation and escalates to Tier 2 in cases where an active remediation is required.||
+|Tier 2|**Regional security operations team** <br/><br/> This team can see all the devices for their region and perform remediation actions.|View data|
+|Tier 3|**Global security operations team** <br/><br/> This team consists of security experts and is authorized to see and perform all actions from the portal.|View data <br/><br/> Alerts investigation Active remediation actions <br/><br/> Alerts investigation Active remediation actions <br/><br/> Manage portal system settings <br/><br/> Manage security settings|
 
 ## Next step
 
 After assigning roles and permissions to view and manage Defender for Endpoint it's time for [Step 3 - Identify your architecture and choose your deployment method](deployment-strategy.md).
+
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
@@ -12,7 +12,7 @@ ms.collection:
 - tier2
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 12/18/2020
+ms.date: 06/26/2024
 ---
 
 # Manage portal access using role-based access control
@@ -35,6 +35,9 @@ Using role-based access control (RBAC), you can create roles and groups within y
 
 > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4bJ2a]
 
+> [!IMPORTANT]
+> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+
 Large geo-distributed security operations teams typically adopt a tier-based model to assign and authorize access to security portals. Typical tiers include the following three levels:
 
 |Tier|Description|
@@ -65,16 +68,16 @@ Before using RBAC, it's important that you understand the roles that can grant p
 > [!WARNING]
 > Before enabling the feature, it's important that you have a Global Administrator role or Security Administrator role in Microsoft Entra ID and that you have your Microsoft Entra groups ready to reduce the risk of being locked out of the portal.
 
-When you first log in to the Microsoft Defender portal, you're granted either full access or read only access. Full access rights are granted to users with Security Administrator or Global Administrator roles in Microsoft Entra ID. Read only access is granted to users with a Security Reader role in Microsoft Entra ID.
+When you first sign in to the Microsoft Defender portal, you're granted either full access or read only access. Full access rights are granted to users with Security Administrator or Global Administrator roles in Microsoft Entra ID. Read only access is granted to users with a Security Reader role in Microsoft Entra ID.
 
-Someone with a Defender for Endpoint Global administrator role has unrestricted access to all devices, regardless of their device group association and the Microsoft Entra user groups assignments.
+Someone with a Defender for Endpoint Global Administrator role has unrestricted access to all devices, regardless of their device group association and the Microsoft Entra user groups assignments.
 
 > [!WARNING]
-> Initially, only those with Microsoft Entra Global Administrator or Security Administrator rights will be able to create and assign roles in the Microsoft Defender portal, therefore, having the right groups ready in Microsoft Entra ID is important.
+> Initially, only those with Microsoft Entra Global Administrator or Security Administrator rights can create and assign roles in the Microsoft Defender portal; therefore, having the right groups ready in Microsoft Entra ID is important.
 >
-> **Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Microsoft Entra Security reader role) to lose access until they are assigned to a role.**
+> **Turning on role-based access control causes users with read-only permissions (for example, users assigned to Microsoft Entra Security reader role) to lose access until they are assigned to a role.**
 >
-> Users with admin permissions are automatically assigned the default built-in Defender for Endpoint global administrator role with full permissions. After opting in to use RBAC, you can assign additional users that are not Microsoft Entra Global or Security Administrators to the Defender for Endpoint global administrator role.
+> Users with administrator permissions are automatically assigned the default built-in Defender for Endpoint Global Administrator role with full permissions. After opting in to use RBAC, you can assign additional users who aren't Microsoft Entra Global Administrators or Security Administrators to the Defender for Endpoint Global Administrator role.
 >
 > After opting in to use RBAC, you cannot revert to the initial roles as when you first logged into the portal.